A Study of Existing Cross-Site Scripting Detection and Prevention Techniques Using XAMPP and VirtualBox

Jalen Mack, Y. Hu, M. Hoppa
{"title":"A Study of Existing Cross-Site Scripting Detection and Prevention Techniques Using XAMPP and VirtualBox","authors":"Jalen Mack, Y. Hu, M. Hoppa","doi":"10.25778/bx6k-2285","DOIUrl":null,"url":null,"abstract":"Most operating websites experience a cyber-attack at some point. Cross-site Scripting (XSS) attacks are cited as the top website risk. More than 60 percent of web applications are vulnerable to them, and they ultimately are responsible for over 30 percent of all web application attacks. XSS attacks are complicated, and they often are used in conjunction with social engineering techniques to cause even more damage. Although prevention techniques exist, hackers still find points of vulnerability to launch their attacks. This project explored what XSS attacks are, examples of popular attacks, and ways to detect and prevent them. Using knowledge gained and lessons-learned from analyzing prior XSS incidents, a simulation environment was built using XAMPP and VirtualBox. Four typical XSS attacks were launched in this virtual environment, and their potential to cause significant damage was measured and compared using the Common Vulnerability Scoring System (CVSS) Calculator. Recommendations are offered for approaches to impeding XSS attacks including solutions involving sanitizing data, whitelisting data, implementing a content security policy and statistical analysis tools.","PeriodicalId":23516,"journal":{"name":"Virginia journal of science","volume":"10 1","pages":"1"},"PeriodicalIF":0.0000,"publicationDate":"2019-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Virginia journal of science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.25778/bx6k-2285","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4

Abstract

Most operating websites experience a cyber-attack at some point. Cross-site Scripting (XSS) attacks are cited as the top website risk. More than 60 percent of web applications are vulnerable to them, and they ultimately are responsible for over 30 percent of all web application attacks. XSS attacks are complicated, and they often are used in conjunction with social engineering techniques to cause even more damage. Although prevention techniques exist, hackers still find points of vulnerability to launch their attacks. This project explored what XSS attacks are, examples of popular attacks, and ways to detect and prevent them. Using knowledge gained and lessons-learned from analyzing prior XSS incidents, a simulation environment was built using XAMPP and VirtualBox. Four typical XSS attacks were launched in this virtual environment, and their potential to cause significant damage was measured and compared using the Common Vulnerability Scoring System (CVSS) Calculator. Recommendations are offered for approaches to impeding XSS attacks including solutions involving sanitizing data, whitelisting data, implementing a content security policy and statistical analysis tools.
基于XAMPP和VirtualBox的现有跨站点脚本检测和预防技术研究
大多数运营中的网站在某些时候都经历过网络攻击。跨站点脚本(XSS)攻击被认为是最大的网站风险。超过60%的web应用程序容易受到它们的攻击,并且它们最终导致了超过30%的web应用程序攻击。XSS攻击很复杂,它们经常与社会工程技术结合使用,造成更大的破坏。尽管存在预防技术,黑客仍然会找到漏洞点发动攻击。本项目探讨了什么是XSS攻击、常见攻击的示例以及检测和预防它们的方法。利用从分析以前的XSS事件中获得的知识和经验教训,使用XAMPP和VirtualBox构建了一个模拟环境。在这个虚拟环境中发起了四种典型的XSS攻击,并使用通用漏洞评分系统(CVSS)计算器对其造成重大损害的可能性进行了测量和比较。本文为阻止XSS攻击的方法提供了建议,包括涉及数据清理、白名单数据、实现内容安全策略和统计分析工具的解决方案。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信